CVE-2026-14701
MEDIUM
6.3
CVSS 3.1
Description
A vulnerability was detected in code-projects Internship Management System 1.0. This affects an unknown function of the file employer/details/change_password.php of the component Password Change Endpoint. The manipulation of the argument Current results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
Metadata
Severity & Metrics
6.3
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| code-projects | Internship Management System | — | 1.0 |
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.5 | N/D | 2.0 | cna | AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
| 6.3 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 6.3 | MEDIUM | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 5.3 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
References (6)
- VDB-376297 | code-projects Internship Management System Password Change Endpoint change_password.php sql injection https://vuldb.com/vuln/376297
- VDB-376297 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/376297/cti
- CVE-2026-14701 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-14701
- Submit #846890 | Internship Portal file `employer/details/change_password.php` contains a Time-Based Blind SQL Injection vulnerability v1.0 SQL Injection https://vuldb.com/submit/846890
- https://github.com/zzzxc643/CVE1/blob/main/assessment/vul8.md
- https://code-projects.org/